HP 5500 Ei 5500 Si Switch Series Configuration Guide
Enabling MD5 authentication for TCP connections

BGP employs TCP as the transport protocol. To increase security, configure BGP to perform MD5 authentication when establishing a TCP connection. The two parties must have the same password configured to establish TCP connections.

BGP MD5 authentication is not for BGP packets, but for TCP connections. If the authentication fails, no TCP connection can be established.

To enable MD5 authentication for TCP connections:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enable MD5 authentication when establishing a TCP connection to the peer or peer group.
   Command: peer { group-name | ip-address } password { cipher | simple } password
   Remarks: Optional. Not enabled by default.

Configuring BGP load balancing

If multiple paths to a destination exist, you can configure load balancing over such paths to improve link utilization.

To configure BGP load balancing:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the maximum number of BGP routes for load balancing.
   Command: balance number
   Remarks: Optional. By default, load balancing is not enabled.

Forbidding session establishment with a peer or peer group

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Forbid session establishment with a peer or peer group.
   Command: peer { group-name | ip-address } ignore
   Remarks: Optional. Not forbidden by default.
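
The following check is an added example, not part of the HP guide: a Python audit of a saved BGP view that reports peers with no peer ... password line, peers whose key was entered with the simple keyword (which leaves the key readable in the configuration), and peers disabled with ignore. The sample configuration is constructed, and the rule that a peer without its own password inherits the one set on its peer group is an assumption to confirm on the device.

```python
import re

# Constructed sample of a BGP view (not taken from a real device); the
# password values are placeholders.
SAMPLE_CONFIG = """\
bgp 65009
 router-id 2.2.2.2
 group transit external
 peer transit as-number 65010
 peer transit password cipher <ciphertext-placeholder>
 peer 10.1.1.2 group transit
 peer 10.1.2.2 group transit
 peer 10.1.2.2 ignore
 peer 3.3.3.3 as-number 65009
 peer 3.3.3.3 connect-interface loopback 0
 peer 4.4.4.4 as-number 65009
 peer 4.4.4.4 password simple <plaintext-placeholder>
"""

IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def audit_bgp_auth(config_text):
    """Return {peer_ip: [findings]} for every peer found in one BGP view."""
    member_of = {}       # peer IP -> peer group name
    password_mode = {}   # peer IP or group name -> "cipher" or "simple"
    ignored = set()      # peer IPs or group names carrying "ignore"
    peers = set()        # every peer IP seen in a "peer ..." line

    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) < 3 or words[0] != "peer":
            continue
        target, keyword = words[1], words[2]
        if IP_RE.match(target):
            peers.add(target)
        if keyword == "group" and len(words) >= 4:
            member_of[target] = words[3]
        elif keyword == "password" and len(words) >= 5:
            password_mode[target] = words[3]
        elif keyword == "ignore":
            ignored.add(target)

    report = {}
    for peer in sorted(peers):
        group = member_of.get(peer)
        # Assumption: the peer's own setting wins, else the group's applies.
        mode = password_mode.get(peer) or password_mode.get(group)
        findings = []
        if mode is None:
            findings.append("no TCP MD5 password")
        elif mode == "simple":
            findings.append("password stored with 'simple' keyword")
        if peer in ignored or group in ignored:
            findings.append("session establishment forbidden (ignore)")
        report[peer] = findings
    return report


if __name__ == "__main__":
    for peer, findings in audit_bgp_auth(SAMPLE_CONFIG).items():
        print(peer, "->", "; ".join(findings) or "ok")
```
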
Configuring a large scale BGP network

In a large-scale BGP network, configuration and maintenance become difficult because of the large numbers of BGP peers. To facilitate configuration, you can configure peer group, community, route reflector, or confederation as needed.

Configuration prerequisites

Peering nodes are accessible to each other at the network layer.

Configuring BGP peer groups

A peer group is a group of peers with the same route selection policy.

In a large-scale network, many peers may use the same route selection policy. You can configure a peer group and add these peers into this group. In this way, peers can share the same policy as the peer group. When the policy of the group is modified, the modification also applies to peers in it, simplifying configuration.

A peer group is an IBGP peer group if peers in it belong to the same AS, and is an EBGP peer group if peers in it belong to different ASs.

If a peer group has peers added, you cannot remove its AS number using the undo form of the command or change its AS number.

Configuring an IBGP peer group

After you create an IBGP peer group and then add a peer into it, the system creates the peer in BGP view and specifies the local AS number for the peer.

To configure an IBGP peer group:

1. Enter system view.
   Command: system-view
2. Enter BGP view.
   Command: bgp as-number
3. Create an IBGP peer group.
   Command: group group-name [ internal ]
4. Add a peer into the IBGP peer group.
   Command: peer ip-address group group-name

Configuring an EBGP peer group

If peers in an EBGP group belong to the same external AS, the EBGP peer group is a pure EBGP peer group; if not, it is a mixed EBGP peer group.

Use one of the following approaches to configure an EBGP peer group:
• Create the EBGP peer group, specify its AS number, and add peers into it. All the added peers share the same AS number.
• Create the EBGP peer group, specify an AS number for a peer, and add the peer into the peer group.
• Create the EBGP peer group and add a peer into it with an AS number specified.

To configure an EBGP peer group using Approach 1:

1. Enter system view.
   Command: system-view
2. Enter BGP view.
   Command: bgp as-number
3. Create an EBGP peer group.
   Command: group group-name external
4. Specify the AS number for the group.
   Command: peer group-name as-number as-number
5. Add the peer into the group.
   Command: peer ip-address group group-name

NOTE:
• Do not specify any AS number for a peer before adding it into the peer group.
• All of the added peers have the same AS number as that of the peer group.

To configure an EBGP peer group using Approach 2:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Create an EBGP peer group.
   Command: group group-name external
   Remarks: N/A
4. Specify an AS number for a peer.
   Command: peer ip-address as-number as-number
   Remarks: N/A
5. Add the peer into the group.
   Command: peer ip-address group group-name [ as-number as-number ]
   Remarks: The AS number can be either specified or not specified in the command. If specified, the AS number must be the same as that specified for the peer with the peer ip-address as-number as-number command.

NOTE:
Peers added in the group can have different AS numbers.

To configure an EBGP peer group using Approach 3:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Create an EBGP peer group.
   Command: group group-name external
   Remarks: N/A
4. Add a peer into the group and specify its AS number.
   Command: peer ip-address group group-name as-number as-number
   Remarks: N/A

NOTE:
• Do not specify any AS number for a peer before adding it into the peer group.
• Peers added in the group can have different AS numbers.

Configuring BGP community

A BGP community is a group of destinations with the same characteristics. It has no geographical boundaries and is independent of ASs.

You can configure a routing policy to define which destinations belong to a BGP community and then advertise the community attribute to a peer or peer group.

You can apply a routing policy to filter routes advertised to or received from a peer or peer group according to the community attribute, which helps simplify policy configuration and management. For how to configure a routing policy, see Configuring routing policies.

To configure BGP community:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Advertise the community attribute to a peer or peer group.
   Commands:
   • Advertise the community attribute to a peer or peer group:
     peer { group-name | ip-address } advertise-community
   • Advertise the extended community attribute to a peer or peer group:
     peer { group-name | ip-address } advertise-ext-community
   Remarks: Not configured by default.
4. Apply a routing policy to routes advertised to a peer or peer group.
   Command: peer { group-name | ip-address } route-policy route-policy-name export
   Remarks: Not configured by default.

Configuring a BGP route reflector

If an AS has many BGP routers, you can configure them as a cluster by configuring one of them as a route reflector and others as clients to reduce IBGP connections.

To enhance network reliability and prevent single point of failure, specify multiple route reflectors for a cluster. The route reflectors in the cluster must have the same cluster ID to avoid routing loops.

It is not required to make clients of a route reflector fully meshed. The route reflector forwards routing information between clients.
If clients are fully meshed, disable route reflection between clients to reduce routing costs.

Generally, a cluster has only one route reflector, and the router ID is used to identify the cluster. You can configure multiple route reflectors to improve network stability. To avoid routing loops, specify the same cluster ID for these route reflectors by using the reflector cluster-id command.

To configure a BGP route reflector:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the router as a route reflector and specify a peer or peer group as its client.
   Command: peer { group-name | ip-address } reflect-client
   Remarks: Not configured by default.
4. Enable route reflection between clients.
   Command: reflect between-clients
   Remarks: Optional. Enabled by default.
5. Configure the cluster ID of the route reflector.
   Command: reflector cluster-id cluster-id
   Remarks: Optional. By default, a route reflector uses its router ID as the cluster ID.

Configuring a BGP confederation

Configuring a BGP confederation is another way to reduce IBGP connections in an AS. A confederation contains sub ASs. In each sub AS, IBGP peers are fully meshed. Between sub ASs, EBGP connections are established.

If routers not compliant with RFC 3065 exist in the confederation, use the confederation nonstandard command to make the local router compatible with these routers.

Configuring a BGP confederation

After you split an AS into multiple sub ASs, you can configure a router in a sub AS as follows:
1. Enable BGP and specify the AS number of the router.
2. Specify the confederation ID. From an outsider’s perspective, the sub ASs of the confederation are a single AS, which is identified by the confederation ID.
3. If the router must establish EBGP connections to other sub ASs, you must specify the peering sub ASs in the confederation.

A confederation contains a maximum of 32 sub ASs. The AS number of a sub AS is effective only in the confederation.

To configure a BGP confederation:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure a confederation ID.
   Command: confederation id as-number
   Remarks: Not configured by default.
4. Specify peering sub ASs in the confederation.
   Command: confederation peer-as as-number-list
   Remarks: Not configured by default.

Configuring confederation compatibility

If some other routers in the confederation do not comply with RFC 3065, enable confederation compatibility to allow the router to work with those routers.

To configure confederation compatibility:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enable compatibility with routers not compliant with RFC 3065 in the confederation.
   Command: confederation nonstandard
   Remarks: Optional. Not enabled by default.

Configuring BGP GR

Perform the following configuration on the GR Restarter and GR Helper.

Follow these guidelines when you configure BGP GR:
• A device can act as a GR Restarter and GR Helper at the same time.
• The maximum time allowed for the peer (the GR restarter) to reestablish a BGP session must be less than the Holdtime carried in the Open message.
• The End-Of-RIB (End of Routing-Information-Base) indicates the end of route updates.

To configure BGP GR:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable BGP and enter its view.
   Command: bgp as-number
   Remarks: N/A
3. Enable GR Capability for BGP.
   Command: graceful-restart
   Remarks: Disabled by default.
4. Configure the maximum time allowed for the peer to reestablish a BGP session.
   Command: graceful-restart timer restart timer
   Remarks: Optional. 150 seconds by default.
5. Configure the maximum time to wait for the End-of-RIB marker.
   Command: graceful-restart timer wait-for-rib timer
   Remarks: Optional. 180 seconds by default.

Enabling trap

After trap is enabled for BGP, BGP generates Level-4 traps to report important events. The generated traps are sent to the information center of the device. The trap output rules (whether to output the traps and the output direction) are determined according to the information center configuration. (For information center configuration, see Network Management and Monitoring Configuration Guide.)

To enable trap:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable trap for BGP.
   Command: snmp-agent trap enable bgp
   Remarks: Optional. Enabled by default.

Enabling logging of peer state changes

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enable the logging of peer state changes globally.
   Command: log-peer-change
   Remarks: Optional. Enabled by default.
4. Enable the logging of peer state changes for a peer or peer group.
   Command: peer { group-name | ip-address } log-change
   Remarks: Optional. Enabled by default.

Configuring BFD for BGP

BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds. BGP defines that the holdtime interval must be at least three times the keepalive interval. This slows down link failure detection; once a failure occurs on a high-speed link, a large quantity of packets will be dropped. BFD is introduced to solve this problem. It detects links between neighbors quickly to reduce convergence time upon link failures.

After a link failure occurs, BFD may detect the failure before the system performs GR. As a result, GR will fail. If GR capability is enabled for BGP, use BFD with caution. If GR and BFD are both enabled, do not disable BFD during a GR process; otherwise, GR may fail.

For BFD configuration, see High Availability Configuration Guide.

IMPORTANT:
Before configuring BFD for BGP, you must enable BGP.

To enable BFD for a BGP peer:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enable BFD for the specified BGP peer.
   Command: peer ip-address bfd
   Remarks: Not enabled for any BGP peer by default.

Displaying and maintaining BGP

Displaying BGP

Task: Display peer group information.
Command: display bgp group [ group-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display advertised BGP routing information.
Command: display bgp network [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display AS path information.
Command: display bgp paths [ as-regular-expression | | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP peer or peer group information.
Command: display bgp peer [ ip-address { log-info | verbose } | group-name log-info | verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the prefix information in the ORF packet from the specified BGP peer.
Command: display bgp peer ip-address received ip-prefix [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP routing information.
Command: display bgp routing-table [ ip-address [ { mask | mask-length } [ longer-prefixes ] ] ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display routing information matching the AS path ACL.
Command: display bgp routing-table as-path-acl as-path-acl-number [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP CIDR routing information.
Command: display bgp routing-table cidr [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP routing information matching the specified BGP community.
Command: display bgp routing-table community [ aa:nn& ] [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display routing information matching a BGP community list.
Command: display bgp routing-table community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP dampened routing information.
Command: display bgp routing-table dampened [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP dampening parameter information.
Command: display bgp routing-table dampening parameter [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP routing information originating from different ASs.
Command: display bgp routing-table different-origin-as [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display BGP routing flap statistics.
Command: display bgp routing-table flap-info [ regular-expression as-regular-expression | [ as-path-acl as-path-acl-number | ip-address [ { mask | mask-length } [ longer-match ] ] ] [ | { begin | exclude | include } regular-expression ] ]
Remarks: Available in any view

Task: Display labeled BGP routing information.
Command: display bgp routing-table label [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display routing information to or from a peer.
Command: display bgp routing-table peer ip-address { advertised-routes | received-routes } [ network-address [ mask | mask-length ] | statistic ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display routing information matching a regular expression.
Command: display bgp routing-table regular-expression as-regular-expression
Remarks: Available in any view

Task: Display BGP routing statistics.
Command: display bgp routing-table statistic [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Task: Display the global router ID.
Command: display router id [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view

Resetting BGP connections

Task: Reset all BGP connections.
Command: reset bgp all
Remarks: Available in user view

Task: Reset the BGP connections to an AS.
Command: reset bgp as-number
Remarks: Available in user view

Task: Reset the BGP connection to a peer.
Command: reset bgp ip-address [ flap-info ]
Remarks: Available in user view

Task: Reset all EBGP connections.
Command: reset bgp external
Remarks: Available in user view

Task: Reset the BGP connections to a peer group.
Command: reset bgp group group-name
Remarks: Available in user view

Task: Reset all IBGP connections.
Command: reset bgp internal
Remarks: Available in user view

Task: Reset all IPv4 unicast BGP connections.
Command: reset bgp ipv4 all
Remarks: Available in user view

Clearing BGP information

Task: Clear dampened BGP routing information and release suppressed routes.
Command: reset bgp dampening [ ip-address [ mask | mask-length ] ]
Remarks: Available in user view

Task: Clear route flap information.
Command: reset bgp flap-info [ ip-address [ mask-length | mask ] | as-path-acl as-path-acl-number | regexp as-path-regular-expression ]
Remarks: Available in user view

BGP configuration examples

BGP basic configuration

Network requirements

In Figure 90, run EBGP between Switch A and Switch B and IBGP between Switch B and Switch C so that Switch C can access the network 8.1.1.0/24 connected to Router A.

Figure 90 Network diagram

Configuration procedure

1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure IBGP:
   ○ To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections.
   ○ Because loopback interfaces are virtual interfaces, you need to use the peer connect-interface command to specify the loopback interface as the source interface for establishing BGP connections.
   ○ Enable OSPF in AS 65009 to make sure that Switch B can communicate with Switch C through loopback interfaces.

# Configure Switch B.
<SwitchB> system-view
[SwitchB] bgp 65009
[SwitchB-bgp] router-id 2.2.2.2
[SwitchB-bgp] peer 3.3.3.3 as-number 65009
[SwitchB-bgp] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp] quit
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 9.1.1.1 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit

# Configure Switch C.
<SwitchC> system-view
[SwitchC] bgp 65009
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] peer 2.2.2.2 as-number 65009
[SwitchC-bgp] peer 2.2.2.2 connect-interface loopback 0
[SwitchC-bgp] quit
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
[SwitchC] display bgp peer